Credit to Author: Christopher Boyd| Date: Tue, 11 Sep 2018 15:00:00 +0000
Everyone hates spam (apart from the people who send it). While many people simply report spam and delete, a few look for ways to get back at the spammers wasting their time. In fact, a common question we’re asked is, “How can we waste their time?”
My own opinion on this is a little loaded with caution; simply striking up conversations with spammers and scammers with no prior experience is a good way to get yourself into trouble.
Maybe you replied from your work mail, and now they’re sending missives to your boss. Perhaps you used a mail service revealing your IP address, and now they’re making empty yet terrifying-sounding threats about hacking you. How about responding to their request for ID and accidentally sending them the real thing, instead of a humorously-constructed image built from MS paint?
There’s a lot to think about before embarking on this path, but if you still want to waste some spammer’s time (and in a much safer fashion), read on.
1) NO GENUINE INFORMATION EVER. Yes, I realize all caps is a bit shouty but it’s important enough information to warrant shouting. No matter what you do, or which method you use to waste a scammer’s time, revealing things about you and yours is always a bad idea.
2) Use an anonymous email address. And don’t tie it to something you use daily. Avoid work email, personal email, email tied to anything “business critical” (websites/domain registrations, or other sensitive logins).
Worried that a spammer won’t reply if you reply to them with your new-fangled anonymous/throwaway account instead of the one they sent it to? Don’t be. They don’t care, they’ll reply to anything. Mail, voicemail, love letter painted on the side of a cow, anything at all. One common spammer trick is to direct you to alternate email addresses to reply to because their main one is liable to be shut down at any moment anyway, so they really won’t care where your time-wasting antics come from.
3) Don’t tell people to do dangerous things. There is a popular form of 419 scam-baiting called “Going on safari,” where the pretend victim manipulates the scammer into a long, potentially dangerous trek into parts unknown. While some of these tales are humorous in an “Oh no, you did what?” fashion, you really don’t want to get yourself involved in any situation where somebody falls off a cliff and they have a printout in their pants with your “There’s buried treasure 500 miles this way, honest” mail in them.
Outside of that, how you waste their time is really up to you. One word answers to all of their missives tend to aggravate them in spectacular fashion, if that helps. If you’re not comfortable with the direct approach, there’s more than a few ways to keep your hands clean (so to speak) while gobbling up more of their precious time.
Let someone else do the dirty work
As it turns out, a little automation goes a long way. There’s a variety of tools online for you to make use of in the fight against spammers, and the best part is they won’t have any idea about your involvement.
4) Use a chatbot app, such as Spamnesty, to automate email spam exchanges. All you must do here is strip out any personal information of your own from any email exchange, forward the spam on to the Spamnesty email address, and then sit back and giggle a lot as a chatbot pretending to be a CEO endlessly frustrates a scammer. Bonus: you can read through some of the conversations. Everyone can enjoy that.
Re:Scam gets an honorable mention because although currently offline, it has the promise of eventually coming back to life. Another chatbot, it cycles through various personalities to get the job done and has (according to their stats) replied to more than a million emails and wasted roughly five years of their time in total, which is spectacular.
5) Use a spam blocker app with automated responses for telemarketers. Not all spam is email-based, and significant volumes continue to land on our mobile devices in the form of phone calls. If you’re really unlucky, it’s a nonstop barrage of missed calls, unknown callers, and premium rate call-back scams just waiting to get their teeth into your cash. Several apps exist that will block cold callers and add them to spam lists (which isn’t always straightforward to figure out on a vanilla phone), but there’s not many wasting the time of the scammers with chatbots.
Robokiller is one of the first to deploy a variety of (hopefully?) humorous chatbots to choose from, then set them loose in calls with unwanted telemarketers. As with the mail-based equivalents, wasting time is the name of the game because wasted time equals wasted money on the part of the spammer. While I don’t believe this approach is ever going to prevent phone spammers from giving up their day job, one wasted call is another person not losing a ton of money or personal information to a con artist. That can only be a good thing.
The future of time wasting
Burning out scammers isn’t just an occasional pastime for forum goers anymore. You can turn it into an actual occupation with a little bit of outlay and hard work. The future is YouTube scam baiting gone mainstream. Just remember before you start punking your next scammer that (depending on the method of outreach and how much of your information might be lurking in breach dumps), they could well have your real information. It’s really not pleasant to hear “We’ll have our people at your home address, watch your back.”
If in doubt, stick to non-identifiable automation or leave things to the professionals. It’s generally a lot safer that way, and you’ll probably get to watch a humorous YouTube video in the bargain. That’s a win for everybody—except perhaps for the spammer on the receiving end.
The post 5 safe ways to get back at spammers: a guide to wasting time appeared first on Malwarebytes Labs.